ClamWin is not a real time scanner, but I have used it for some small offices. Install it, and setup scheduled scans. I usually have it scan daily then email me the report. Is completely free, and works on Server 2008, and most any other WIndows OS.

Forefront from Microsoft is not free but on volume licensing its close enough.

Insanely cheap for a year if you have the supporting software.

I'm sure there might be a dissenting opinion here but I see no need for AV on a server, especially a 2008 R2 server.

Never seen a virus, never had a virus, never heard of a virus on one.

You have AV on the desktop so that covers files in/out on the server. Client AV is pretty useless too IMO, permitter security like a UTM or similar device is the only real way to protect the network along with user education.

i would just go and buy the server antivirus, you could get yourself in a grey area, if not nothing else, there is lots of trials out there (AVG Server comes to mind) where you can try the server antivirus, and purchase it at a later point.

It gets them the same as a desktop, they just hopefully aren't touched very often. AV should be on every machine, it's a good risk reduction strategy - just to be safe. 2008 R2 is just as likely to get infected by people doing foolish things as any other system. Almost all setups are from human "error" or carelessness.

You have AV on the desktop so that covers files in/out on the server. Client AV is pretty useless too IMO, permitter security like a UTM or similar device is the only real way to protect the network along with user education.

It's relatively easy to get a trojan past a UTM or to have people bypass the perimeter security. Just bring in a USB stick and the UTM is useless. Once an internal machine is compromised then the UTM is useless because the attacks are internal.

You have AV on the desktop so that covers files in/out on the server. Client AV is pretty useless too IMO, permitter security like a UTM or similar device is the only real way to protect the network along with user education.

It's relatively easy to get a trojan past a UTM or to have people bypass the perimeter security. Just bring in a USB stick and the UTM is useless. Once an internal machine is compromised then the UTM is useless because the attacks are internal.

My comment was under done under a assumption that 95 percent of the infections out there come from the internet, 5 percent from USB keys and the like.

My comment was under done under a assumption that 95 percent of the infections out there come from the internet, 5 percent from USB keys and the like.

Today that is probably true. No one carries media with them anymore. Although if you have things like laptops going on and off the network or any type of secure file transfer system you have gateways to stop the UTM from having any way to filter.

Maybe a good solution could be Clamwin on the server (as it has been said, no real-time scanning) and a perimetral AV like Untangle (Lite package for free), even better if Untangle manages 3 networks, one for desktops, one for servers and the WAN connection.

I highly recommend GFI Vipre Business. I know you want free, but Vipre Business is extremely affordable and also will scan USB drives when inserted into a computer. I've installed it at multiple locations and been loving it since. Shoot me a PM if you have any questions.

I highly recommend GFI Vipre Business. I know you want free, but Vipre Business is extremely affordable and also will scan USB drives when inserted into a computer. I've installed it at multiple locations and been loving it since. Shoot me a PM if you have any questions.

That's what we use. "Free" is not a good place to be with anti-virus. There is no serious free solution today and as it requires constant upkeep I expect it to be a very, very long time before there is, if ever.

I highly recommend GFI Vipre Business. I know you want free, but Vipre Business is extremely affordable and also will scan USB drives when inserted into a computer. I've installed it at multiple locations and been loving it since. Shoot me a PM if you have any questions.

That's what we use. "Free" is not a good place to be with anti-virus. There is no serious free solution today and as it requires constant upkeep I expect it to be a very, very long time before there is, if ever.

I'm totally with you there. I actually started installing Vipre so much on the side I actually became a partner with them. I'm trying to convince the company I work for full-time to move away from Symantec to GFI. The funny thing is, when I took over as Sys admin the previous guys never setup even the Endpoint Manager so everything was stand-alone on machines. Some machines even had Symantec Corp.

I highly recommend GFI Vipre Business. I know you want free, but Vipre Business is extremely affordable and also will scan USB drives when inserted into a computer. I've installed it at multiple locations and been loving it since. Shoot me a PM if you have any questions.

I second this. We just renewed 240 licenses for 3 years for ~$3400, which comes to less than $5/lic/year. It seems to run fine on the servers and is very easy to manage.

I highly recommend GFI Vipre Business. I know you want free, but Vipre Business is extremely affordable and also will scan USB drives when inserted into a computer. I've installed it at multiple locations and been loving it since. Shoot me a PM if you have any questions.

I second this. We just renewed 240 licenses for 3 years for ~$3400, which comes to less than $5/lic/year. It seems to run fine on the servers and is very easy to manage.

We don't run AV on our servers either, also disable the local firewall on each server. We rely on our Cisco gateways/firewalls to provide protection. No-one uses the 'net on the servers at all and has worked for us so far...

1st Post

I think the point is to have a "layered" approach to threat management. Think of each Anti-Virus engine (whether it's the UTM, Exchange Store scanning, server disk scanning, etc) as a sieve with a fine mesh, and think of the viruses as a handful of dirt being tossed into the top of the sieve. With a single sieve (e.g. Anti-Virus on your workstations), or even two of'em if you also include a UTM, you'll catch most of the dirt, but a couple significant bits will fall through. However, if you have four or five of those sieves, all stacked inside of each other, then when you throw a handful of dirt in the top you're much less likely to get anything coming out of the bottom-most sieve.

eric-ptek wrote:

Scott Alan Miller wrote:

eric-ptek wrote:

You have AV on the desktop so that covers files in/out on the server. Client AV is pretty useless too IMO, permitter security like a UTM or similar device is the only real way to protect the network along with user education.

It's relatively easy to get a trojan past a UTM or to have people bypass the perimeter security. Just bring in a USB stick and the UTM is useless. Once an internal machine is compromised then the UTM is useless because the attacks are internal.

My comment was under done under a assumption that 95 percent of the infections out there come from the internet, 5 percent from USB keys and the like.

I do not know of an adquate "free" antivirus for servers. If you have the money to spend on server hardware and software, you should budget in protection for the server. free prodcuts are for usually for home and personal use (read the agreement).

People have to sit and write the programs, write the patches, if they didn't get paid we wouldn't have antivirus software.

There are some area's you can cut corners, but I wouldn't on a server, it is too much hard working getting it running again, especially if it is a domain server.

Buy some decent antivirus software for your server and at least you might be able to sleep a little at night, knowing that you are not infringing licene agreements and your server will have the best protection it can and not the worst.

1st Post

If cost is a massive factor in this then take a look at AVG Fileserver edition. cheapest is about £30 a year and covers 2 connections i have it running on 2008r2 and whs2011. seems lightweight, good admin.console and even does sharepoint scanning.